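<?php
/**
 * Admin login handler.
 *
 * Looks up the POSTed email/password in the `registrant` table, stores the
 * matched account in the session, and redirects accounts with
 * user_level >= 3 to con_admin.php. Every other outcome renders error.tpl
 * with a message.
 */
session_start();

require_once('connections/mysqlDB.php');
require('smarty_connect.php');

$smarty = new smarty_connect;
$dbConn = new mysqli(HOST, USER, PWD, DB);

// Accept only string credentials. A request may send myusername[]=..., which
// would otherwise reach stripslashes()/bind_param() as an array.
$myusername = (isset($_POST['myusername']) && is_string($_POST['myusername'])) ? $_POST['myusername'] : '';
$mypassword = (isset($_POST['mypassword']) && is_string($_POST['mypassword'])) ? $_POST['mypassword'] : '';

// stripslashes() is NOT an SQL-injection defence; the bound parameters below
// are what keep the input out of the SQL text. It is kept only so the compared
// values stay what they were before this change.
// NOTE(review): presumably a magic_quotes leftover; it silently removes
// backslashes from passwords. Confirm against the registration code and drop.
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

// Initialised up front so "no match" and "query could not run" are explicit
// states instead of undefined variables in the checks below.
$count     = 0;
$email     = null;
$regid     = null;
$userLevel = null;

// NOTE(review): the password is matched against the pwd column inside SQL, so
// pwd must hold exactly what the client submits (no per-user salted hash).
// Moving to password_hash()/password_verify() needs a change to how pwd is
// written, which is outside this file.
if (!$dbConn->connect_errno
    && ($stmt = $dbConn->prepare("SELECT email, regid, user_level FROM registrant WHERE email = ? and pwd = ? "))) {
    $stmt->bind_param('ss', $myusername, $mypassword);
    $stmt->execute();
    $stmt->bind_result($col1, $col2, $col3);
    while ($stmt->fetch()) {
        $email     = $col1;
        $regid     = $col2;
        $userLevel = $col3;
        $count     = 1;
    }
    $stmt->close();
}

if ($count == 1) {
    // Issue a fresh session ID at the privilege change so an ID that existed
    // before login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    // session_register() was removed in PHP 5.4; assigning to $_SESSION after
    // session_start() is all that is required.
    // The session is filled for every account with valid credentials, not only
    // admins, as the original did (it is read by con_registration.php or other
    // pages). NOTE(review): confirm those pages check verifyUser themselves.
    $_SESSION['email']      = $email;
    $_SESSION['regid']      = $regid;
    $_SESSION['verifyUser'] = $userLevel;
    // NOTE(review): 'event' comes straight from the request and is stored
    // unvalidated; pages reading conferenceID must treat it as untrusted.
    // TODO: validate against the known conference IDs.
    $_SESSION['conferenceID'] = isset($_POST['event']) ? $_POST['event'] : null;
}

if (($count == 1) and ($userLevel >= 3)) {
    $dbConn->close();
    header("location: con_admin.php");
    // Stop here: without this the script kept running and rendered the
    // "Wrong email or password" page in the body of the redirect response.
    exit;
}

if ($count == 1) {
    // Valid credentials, but the account's user_level is below 3.
    $smarty->assign('error', "You are not allowed to access.");
    $smarty->display('error.tpl');
} else {
    // One message for unknown email and wrong password alike, so the response
    // does not reveal which of the two was wrong.
    $smarty->assign('error', "Wrong email or password");
    $smarty->display('error.tpl');
}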